PowerShellRunBox is dynamic PowerShell analysis framework based upon Windows PowerShell Debugging Functionality. It can step through obfuscated code to reveal it’s obfuscation scheme or to show the micro-behaviors. This can improve productivity with PowerShell malware analysis.

For more details, please read example usage from the article. PowerShellRunBox: Analyzing PowerShell Threats Using PowerShell Debugging